Main menu

Deeplinks Blog posts about DRM

Earlier this year, an independent security researcher named Rotem Kerner came forward to disclose critical bugs in a digital video recorder that was integrated into over 70 vendors' CCTV-based security systems.

The vulnerability is a grave one. These DVRs are designed to be connected to whole networks of security cameras. By compromising them, thieves can spy on their targets using the targets' own cameras. In fact, Kerner was part of a team at RSA who published a report in 2014 that showed that thieves were using these vulnerable system to locate and target cash-registers for robberies.

Everybody knows that the digital locks of DRM on the digital media you own is a big problem. If you’ve bought a digital book, album, or movie, you should be able to do what you want with it—whether that’s enjoying it wherever you want to, or making it more accessible by changing the font size or adding subtitles, or loaning or giving it to a friend when you’re done. We intuitively recognize that digital media should be more flexible than its analog forebears, not less, and that DRM shouldn’t take away rights that copyright was never intended to restrict.

As networked computers disappear into our bodies, working their way into hearing aids, pacemakers, and prostheses, information security has never been more urgent -- or personal. A networked body needs its computers to work well, and fail even better.

Graceful failure is the design goal of all critical systems. Nothing will ever work perfectly, so when things go wrong, you want to be sure that the damage is contained, and that the public has a chance to learn from past mistakes.

That's why EFF has just filed comments with the FDA in an open docket on cyber-security guidelines for medical systems, letting the agency know about the obstacles that a species of copyright law -- yes, copyright law! -- has put in the way of medical safety.

Imagine a new, disruptive company figured out a way to let hundreds of people watch a single purchased copy of a movie, even though the rightsholders who made that movie objected. The new company charged money for this service, and gave none of it back to the movie's creators. That's exactly the business model that a controversial project at the Web's premier open standards organization seeks to prevent.

Of course, it's also the business model of Netflix, circa 1997, not to mention every prior video rental service relying on the traditional principle that a copyright owner's control ended when they sold a copy of the work.

A crowd upset about the possibility of DRM in Web standards gathered to protest outside the World Wide Web Consortium's Advisory Committee meeting in Cambridge, MA last night. EFF is participating in these W3C meetings as a member, encouraging the group to adopt a non-aggression covenant to protect security researchers, standards implementors and others from the effects of including DRM-related technology in open standards.

Last night's protests, shown below, were organized by the Free Software Foundation and included comments from EFF's International Director Danny O'Brien.